Back to skill
Skillv2.0.0
VirusTotal security
wanjie-openclaw-video · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 15, 2026, 10:11 AM
- Hash
- 8acccb57d21c8728b585569c6f4c253e504a68d33206bbc16a644c8e79bcf5da
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: wanjie-openclaw-video-v2-0-1 Version: 2.0.0 The skill exhibits high-risk behavior by programmatically extracting the first available API key from the user's global OpenClaw configuration (~/.openclaw/openclaw.json) and transmitting it to an external endpoint (maas-openapi.wanjiedata.com) in veo_worker.py, which could lead to the leakage of unrelated service credentials (e.g., OpenAI/Anthropic keys). Furthermore, SKILL.md and README.md claim the plugin installs a Windows Task Scheduler task ('OpenClaw_Veo_Monitor') for persistence and 'automated monitoring,' although the code to implement this is missing from the bundle. The skill also performs background process spawning and automatically opens URLs returned by the remote API using platform-specific commands like os.startfile and xdg-open.
- External report
- View on VirusTotal